gitea-mirror/monero
1
0
Fork 0
mirror of https://github.com/monero-project/monero.git synced 2026-01-13 05:16:48 -08:00
Code Issues Packages Projects Releases Wiki Activity

bulletproofs: reject points not in the main subgroup

Browse Source
This commit is contained in:
moneromooo-monero
2018-06-29 15:03:00 +01:00
parent 1569717718
commit c429176248
6 changed files with 97 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
src/ringct/rctOps.cpp
View File

@@ -60,6 +60,17 @@ namespace rct {
//Various key generation functions
bool toPointCheckOrder(ge_p3 *P, const unsigned char *data)
{
if (ge_frombytes_vartime(P, data))
return false;
ge_p2 R;
ge_scalarmult(&R, curveOrder().bytes, P);
key tmp;
ge_tobytes(tmp.bytes, &R);
return tmp == identity();
}
//generates a random scalar which can be used as a secret key or mask
void skGen(key &sk) {
random32_unbiased(sk.bytes);
@@ -200,6 +211,12 @@ namespace rct {
return aP;
}
//Computes aL where L is the curve order
bool isInMainSubgroup(const key & a) {
ge_p3 p3;
return toPointCheckOrder(&p3, a.bytes);
}
//Curve addition / subtractions
//for curve points: AB = A + B